Internet companies should resist going the way of telephone companies on surveillance

Written by

Share

Written by

Google, Yahoo, Facebook, Microsoft, Apple, and others have vociferously denied that they gave the NSA direct access to their networks to provide data to the massive surveillance program called PRISM. Several of these companies emphasize the importance of protecting privacy and limiting government intrusions as part of their company ethos.

Twitter refused to participate in PRISM and elected instead not to make it easier for the NSA to gather information on users’ communications. It is widely acknowledged to be the most aggressive protector of user privacy and regularly works with its users to fight court orders for Twitter-related data.

Twitter’s absence from the list of cooperating companies is striking because the company’s personal messaging system is widely used by its 500-million person user base (see e.g. the Anthony Weiner scandal) and surely contains information of interest to the US government. But the company likely complies with more traditional, targeted FISA requests, because it would otherwise risk criminal liability in US courts.

The scale of private communications taking place over Google, Yahoo, and Microsoft (the owner of Hotmail) networks makes their data valuable to the NSA. They control even larger amounts of information than Twitter because unlike tweets, email messages, chat conversations, video conferences, etc. are not public. The combined user-base of these three leading email providers is over 1 billion people, double that of Twitter. And Facebook’s estimated 1.1 billion users generate not only public postings, but also a significant amount of chat conversations, direct messages, and other private communications.

According to the US government, the surveillance program is managed by the Foreign Intelligence Surveillance Court orders (pdf), which are issued in secret with only US government lawyers present. These orders put Google, Yahoo, Facebook, etc. in a bind because as US companies, they are required to comply with federal law, including the Patriot Act and Foreign Intelligence Surveillance Act, among others. It is unclear how a company, even Twitter, would fight a FISA order, when the very existence of the order is a state secret, and gag orders prevent the companies from disclosing any information about them.

These companies are much younger than the telephone industry and have a much shorter history of being subject to government regulation (and fewer regulations at that). According, to the Electronic Frontier Foundation, telephone companies do very little to protect private customer/user data from government collection. They regularly do not: require a warrant for content; tell users about government requests; publish transparency reports; publish law enforcement guidelines; fight for users’ privacy rights in court; and/or fight for users’ privacy rights in Congress. In the wake of recent revelations, telecom companies should their policies as consumers become more conscious—and likely concerned—about how and when their information is being shared.

Verizon has not denied that it received—and presumably complied with—an April 25 order by the Foreign Intelligence Surveillance Court to provide the NSA on an “ongoing, daily basis” information about all calls placed on its system, both landline and mobile, both within the US and between the US and foreign countries. The telecom company and its peers have a long history of complying with government regulation, especially since 9/11. Because the telephone has been the predominant method of communication for so long, phone companies have longstanding relationships with the US intelligence community.

Leading technology companies will increasingly become embroiled in US intelligence-gathering activities as new communications platforms and patterns evolve and the government strives to keep up. After all, PRISM is merely one method of complying with FISA orders—among many—that makes the transfer of data to the NSA (in compliance with such orders) easier. So even if a company like Twitter declines to participate, it still has to provide the data sought by the FISA order another way.

While they are forced to comply with their legal obligations, it is also incumbent upon them to stand up for user privacy instead of following in the foot steps of telephone companies and willingly submitting to increased government control. Google, which has traditionally scored high on protection of customer data, has attempted to maintain its track record through transparency. The company has requested—via an open letter to the Attorney General—that it be allowed to publish general information about the quantity and scope of FISA requests it receives as part of its annual transparency report. Yahoo, Microsoft, Facebook, and Twitter followed suit and are also calling for increased government transparency. Hopefully, Washington will listen and be more open about what exactly it’s asking these companies for and why.